k8sgpt-ai / k8sgpt Goto Github PK

Checklist:

• I've searched for similar issues and couldn't find anything matching
• I've discussed this feature in the #k8sgpt slack channel

Is this feature request related to a problem?

• Yes
• No

Describe the solution you'd like

It could be highly beneficial to conduct an analysis of pdb resources to ensure that everything is configured correctly and functioning as expected.

My initial idea is to perform a simple check to ensure that the pdb is applicable to at least one existing resource.

Benefits for the project and its users

Users could detect and troubleshoot pdb issues

Additional context

As discussed with @AlexsJones , this analyzer may not be enabled by default, but only if the user specifies it by running k8sgpt filters add pdb. This issue depend #161

When you run k8sgpt analyze and get multiple errors, the first one's number is stuck at the top with the progress bar. The same happens when running with output set to JSON, but with the opening code bracket.

❯ ./k8sgpt analyze
   0% |                                                                                                                                                                                                                                                       | (0/4, 0 it/hr) [0s:0s]0 
kube-system/kube-prometheus-stack-kube-scheduler(kube-prometheus-stack-kube-scheduler): Service has no endpoints, expected label component=kube-scheduler 

1 kube-system/kube-prometheus-stack-kube-controller-manager(kube-prometheus-stack-kube-controller-manager): Service has no endpoints, expected label component=kube-controller-manager 

2 kube-system/kube-prometheus-stack-kube-etcd(kube-prometheus-stack-kube-etcd): Service has no endpoints, expected label component=etcd 

3 kube-system/kube-prometheus-stack-kube-proxy(kube-prometheus-stack-kube-proxy): Service has no endpoints, expected label k8s-app=kube-proxy

 ❯ ./k8sgpt analyze -o json
   0% |                                                                                                                                                                                                                                                          | (0/4, 0 it/hr) [0s:0s]{
"kind":"Service","name":"kube-system/kube-prometheus-stack-kube-etcd","error":["Service has no endpoints, expected label component=etcd"],"details":"","parentObject":"kube-prometheus-stack-kube-etcd"}
{"kind":"Service","name":"kube-system/kube-prometheus-stack-kube-proxy","error":["Service has no endpoints, expected label k8s-app=kube-proxy"],"details":"","parentObject":"kube-prometheus-stack-kube-proxy"}
{"kind":"Service","name":"kube-system/kube-prometheus-stack-kube-scheduler","error":["Service has no endpoints, expected label component=kube-scheduler"],"details":"","parentObject":"kube-prometheus-stack-kube-scheduler"}
{"kind":"Service","name":"kube-system/kube-prometheus-stack-kube-controller-manager","error":["Service has no endpoints, expected label component=kube-controller-manager"],"details":"","parentObject":"kube-prometheus-stack-kube-controller-manager"}

This is on macOS Ventura 13.2, tried with both fish and bash, and with both regular built in terminal and Hyper terminal.

When I run brew install k8sgpt, it gives me following error:
==> Installing k8sgpt from k8sgpt-ai/k8sgpt Error: The following formula cannot be installed from bottle and must be built from source. k8sgpt Install Clang or run brew install gcc.

I did run brew install gcc but it's still the same.

Checklist:

• I've searched for similar issues and couldn't find anything matching
• I've discussed this feature in the #k8sgpt slack channel

Is this feature request related to a problem?

• Yes
• No

Describe the solution you'd like

I think it would be useful, if we'd be able to analyze ingress resources to find out if everything is configured correctly and obviously if it should be working technically.

In the first step, we could try to find out if services referred to in the ingress object are existing, and maybe if they are responsive.

Benefits for the project and its users

Users could detect and troubleshoot ingress issues

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

• chore(deps): update actions/checkout digest to 1d96c77
• chore(deps): update actions/upload-artifact digest to 6546280
• fix(deps): update module buf.build/gen/go/k8sgpt-ai/k8sgpt/grpc/go to v1.3.0-20240406062209-1cc152efbf5c.2
• fix(deps): update module github.com/aws/aws-sdk-go to v1.51.26
• fix(deps): update module github.com/azure/azure-sdk-for-go/sdk/azidentity to v1.5.2
• fix(deps): update module github.com/azure/azure-sdk-for-go/sdk/storage/azblob to v1.3.2
• fix(deps): update module github.com/google/generative-ai-go to v0.11.0
• fix(deps): update module github.com/sashabaranov/go-openai to v1.22.0
• fix(deps): update module golang.org/x/net to v0.24.0
• fix(deps): update module golang.org/x/term to v0.19.0
• fix(deps): update module google.golang.org/api to v0.176.0
• fix(deps): update module google.golang.org/grpc to v1.63.2
• chore(deps): update codecov/codecov-action action to v4
• chore(deps): update softprops/action-gh-release action to v2
• fix(deps): update module gopkg.in/yaml.v2 to v3
• 🔐 Create all rate-limited PRs at once 🔐

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): pin codecov/codecov-action action to ab904c4
• chore(deps): update docker/build-push-action digest to 2cdde99
• chore(deps): update module oras.land/oras-go to v1.2.5
• fix(deps): update module buf.build/gen/go/k8sgpt-ai/k8sgpt/grpc-ecosystem/gateway/v2 to v2.19.1-20240406062209-1cc152efbf5c.1
• fix(deps): update module github.com/mittwald/go-helm-client to v0.12.9
• chore(deps): update google-github-actions/release-please-action action to v4.1.0
• fix(deps): update kubernetes packages to v0.30.0 (k8s.io/api, k8s.io/apiextensions-apiserver, k8s.io/apimachinery, k8s.io/client-go)
• fix(deps): update module github.com/aquasecurity/trivy-operator to v0.20.0
• fix(deps): update module github.com/prometheus/prometheus to v0.51.2
• fix(deps): update module sigs.k8s.io/controller-runtime to v0.17.3
• Click on this checkbox to rebase all open PRs at once

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

• fix(deps): update module helm.sh/helm/v3 to v3.14.2 [security]
• chore(deps): update module oras.land/oras-go to v2

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

Checklist:

• I've searched for similar issues and couldn't find anything matching
• I've included steps to reproduce the bug.
• I've included the version of Kubernetes and k8sgpt.

Subject of the issue

Relevant to issue #114 that was closed in PR #155.

Primary issue: The kubecontext flag has no effect. Current context is always used despite any given input.

Secondary issue: The functionality isn't described in the docs - happy to submit chore PRs to document how this works if this is an issue from my end.

Your environment

• Version of Kubernetes

  Client Version: v1.26.1
  Kustomize Version: v4.5.7
  Server Version: v1.24.10-eks-48e63af
  

• Host OS and its version / If windows, is it WSL?

  MacOS Ventura 13.2.1
  

• Version of k8sgpt
  v0.1.4

Steps to reproduce

Assumes you have a kubeconfig with a functional current context - e.g. you can run kubectl get nodes successfully.

1. Download k8sgpt v0.1.4
2. Run ./k8sgpt auth, put some random key as we wont use it anyway
3. Run ./k8sgpt analyze - works fine, uses your default context
4. Run ./k8sgpt analyze --kubecontext aContextThatDoesNotExist - runs without issue, as it uses your default context despite any given value

Expected behaviour

If I provide a context that exists, that context should be used for the analysis.

If I provide a context that does not exist, the tool should crash or fail (hopefully with a nice error message explaining why.)

Actual behaviour

Current context of your kubeconfig is always used. Providing a context that doesn't exist will still use the default, leading to misleading behaviour as shown below.

# without context flag - uses current context, this cluster is healthy
❯ ~/Desktop/k8sgpt_Darwin_arm64_0.1.4/k8sgpt analyze
{ "status": "OK" }

# with context flag - current context is used anyway
❯ ~/Desktop/k8sgpt_Darwin_arm64_0.1.4/k8sgpt analyze --kubecontext aContextThatDoesNotExist
{ "status": "OK" } # this is a lie - the given context doesn't even exist

Additional context / screenshots

Checklist:

• I've searched for similar issues and couldn't find anything matching
• I've included steps to reproduce the bug.
• I've included the version of Kubernetes and k8sgpt.

Subject of the issue

After changing kubectl context to another cluster, it seems as if k8sgpt just respons with a cache without actually checking. I get the same (identical) response eventhough kubeconfig context was changed.

Your environment

• Version of Kubernetes
  Client Version: v1.26.1
  Kustomize Version: v4.5.7
  Server Version: v1.24.6
• Host OS and its version / If windows, is it WSL?
  System Version: macOS 13.1 (22C65)
  Kernel Version: Darwin 22.2.0
• Version of k8sgpt
  k8sgpt version 0.1.2

Steps to reproduce

• Step 1
  Execute an analyze
• Step 2
  Switch kubectl context to a different cluster
• Step 3
  Execute another analyze

Expected behaviour

I expected to get a new analyze result from the new cluster context.

Actual behaviour

I got the identical response as from when I first ran the analyze

Additional context / screenshots

I've also tried deleting ~/.k8sgpt.yaml as well as ~/.kube/config and thereafter reset a totally fresh kubeconfig context and reinitated the k8sgpt auth. The respons I got after a k8sgpt analyze was the exact same as before, from the cluster I no longer have in my context.

The progress loading is at 0% and the time usage output says | (0/4, 0 it/hr) [0s:0s]0

Additionally, also tried from a different terminal session. Also tried switching to Terminal.app instead of iTerm. Also switched from omzsh to bash. I get the cached response immediately...

I verified that kubectl had correctly switch context between each step and in all the different shell sessions, and that. k8sgpt had not switched. It still gave the identical response.

I would like to run the analyze for a specific namespace instead of the entire cluster. --filter by namespace or just a --namespace flag would be ideal.

To enable people to leave better issues, we need to use an issue template to help provide the right information

There should be a section in the readme on how to install the binaries for windows and Linux from the releases.

This path is incorrectly printed out in the CLI and needs updating

Create a shell script to act as installer, either hosting directly in github or remotely

When using --explain, the text from each issue is too close together. For some of us, this gets problematic, so it makes sense to get a little bit of space in between these issues by adding a newline.

Since many (including myself) with organizations will be using ChatGPT as part of Azure OpenAI Service. The feature should also allow the ability to point to ChatGPT running on Azure OpenAI Services.

It is using the same API but different endpoint https://openaichatgpt.openai.azure.com, could for instance be a featureflag to point it to another endpoint?

• release-please process
• PR process

Since the refactor, it looks like the --explain time has sky rocketted, but the reality is that it's making all the API calls prior to displaying the results rather than incrementally, this might be worth adding a count on or printing our incrementally somehow

e.g.

|--->  | 
1 of 10 tasks

Currently, k8sgpt does not understand British spelling e.g. analyse vs analyze https://prowritingaid.com/analyse-or-analyze

Flag --kube-context for quick switching between clusters without global system update of kube context

Description

At the moment, only the affected resource is printed out, when a problem is found. As the configuration often has to be changed in a parent object, we should investigate the path to the root and print it out afterward.

Example

• Troubleshooting Result: pod xyz is running out-of-memory
• Normally, there is a Replicaset/Deployment managing this pod
• Therefore, the path would be pod -> replicaset->deployment`
• If we print this out, the end-user would get directed to the object which has to be changed

Checklist:

• I've searched for similar issues and couldn't find anything matching
• I've discussed this feature in the #k8sgpt slack channel

Is this feature request related to a problem?

• Yes
• No

Describe the solution you'd like

It could be highly beneficial to conduct an analysis of hpa resources to ensure that everything is configured correctly and functioning as expected.

Initially, we could focus on identifying whether the scaleTargetRef mentioned in the hpa object exists.

Benefits for the project and its users

Users could detect and troubleshoot hpa issues

Additional context

As discussed with @AlexsJones , this analyzer may not be enabled by default, but only if the user specifies it by running k8sgpt filters add hpa. This issue depend #161

Error: fatal: repository 'https://github.com/k8sgpt-ai/k8sgpt/' not found

Checklist:

• I've searched for similar issues and couldn't find anything matching
• I've discussed this feature in the #k8sgpt slack channel

Is this feature request related to a problem?

• Yes
• No

Describe the solution you'd like

I noticed that when a filter is added during analysis, all analyzers are executed, which makes the analysis very long even if we only want to retrieve the services.

The filter is applied during the merging of errors to display only what the user has indicated in the filter argument. Shouldn't the filter be applied upstream so that only the analyzer we are interested in is executed?

Benefits for the project and its users

Improvement of Performance in Adding Filters

Checklist:

• [x ] I've searched for similar issues and couldn't find anything matching
• [x ] I've discussed this feature in the #k8sgpt slack channel

Is this feature request related to a problem?

• Yes
• [ x] No

As we start to build out more capabilities, there are those that are not necessarily catching "errors" but more best-practice or good guidance on how to operate with Kubernetes. One such example os PDB ( Pod disruption budget ), it is not an error not to have this on a deployment/sts/ds but it is good practice for when you wish to roll a small deployment without loss of availability.

I propose that we have a mechanism to list/set default filters

e.g.

k8sgpt filters list
> Pod
> Service
> Ingress
etc..

Then you could add or remove a filter

k8sgpt filters add: <Resource> 
// Check if its found

k8sgpt filters remove: <Resource>
// Check if its found

This would then form the basis of a new array we would pull from viper and loop over
e.g.

func RunAnalysis(ctx context.Context, filters []string, config *AnalysisConfiguration,
	client *kubernetes.Client,
	aiClient ai.IAI, analysisResults *[]Analysis) error {

      // HERE WE WOULD BUILD THE ANALYZER MAP BASED OFF OF viper.Get("default_filters")


	// if there are no filters selected then run all of them
	if len(filters) == 0 {  
		for _, analyzer := range analyzerMap { 
			if err := analyzer(ctx, config, client, aiClient, analysisResults); err != nil {
				return err
			}
		}
		return nil
	}

	for _, filter := range filters {
		if analyzer, ok := analyzerMap[filter]; ok {
			if err := analyzer(ctx, config, client, aiClient, analysisResults); err != nil {
				return err
			}
		}
	}
	return nil
}

I'm facing this issue while running command: k8sgpt analyze on Macos arm64 and connecting to GKE.

Error initialising kubernetes client: no Auth Provider found for name "gcp"
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x101e6c600]

Description

When deploying services, one of the things which are faced very often is that endpoints are not available, caused by pods that are not able to start or incorrect labels on the service object.

Possible solution

• Find services without endpoints
• If endpoint is missing, try to find out if pods with matching labels exist
• Look for problems on the pod
• If no pod matches labels, try to find pod with similar name
• Respond with problem solution

Create a brew installer for k8sgpt

e.g. brew tap k8sgpt-ai && brew install k8sgpt

Checklist:

• I've searched for similar issues and couldn't find anything matching

Subject of the issue

I would like to know how my private cluster-data is treated. I would not like to disclose any personal info to GTP/OpenAI. I miss some information about this topic in the README.

Is the collected data anonymized before sending it to GPT? Which data is collected? Are my private and sensible clusters going to keep safe? Why? Is this tools GDPR compliant? Etc...

Checklist:

• I've searched for similar issues and couldn't find anything matching
• I've discussed this feature in the #k8sgpt slack channel

Is this feature request related to a problem?

• Yes
• No

if you set deny-all nw-policies for your namespaces per default and you need to define each allow-policy it could be really frustrating when your frontend service cannot connect to the backend service. you need to check

• is the policy correct (labels, indents, ports, ..)
• is the backend service responsive
• run some curl/wget command in the frontend service, which you probably don't have, attach debug containers, ...

Describe the solution you'd like

in the first place we could check if the "from" and "to" selectors in network policies match existing objects, probably also checking targetPorts

Benefits for the project and its users

analyzing network policy issues gets simpler

Potential drawbacks

Additional context

We need to have at least the default model as a parameter that is in the config for long term support of models like davinci via openai
e.g.

ai:
 providers:
   - name: openai
      model: GPT3-turbo

Checklist:

• I've searched for similar issues and couldn't find anything matching
• I've discussed this feature in the #k8sgpt slack channel

Is this feature request related to a problem?

• Yes
• No

Describe the solution you'd like

At present, the link to the slack channel mentioned in the Readme.md is redirects to the old slack channel. However, a new slack workspace for K8GPT has created Ref: https://k8sgpt.slack.com. We need to update the readme and refer to the new link.

Potential drawbacks

Should we keep the old link also, so that new users can refer to the old discussions?

Description
go modules are pointing to github.com/cloud-native-skunkworks/k8sgpt. We should change this to point to the k8sgpt-aiorg.

Checklist:

• I've searched for similar issues and couldn't find anything matching
• I've discussed this feature in the #k8sgpt slack channel

Is this feature request related to a problem?

• Yes
• No

Describe the solution you'd like

The proposed functionality is to add a check to the ingress analyzer that verifies whether the secret declared in the ingress exists on the cluster.

Benefits for the project and its users

Users could detect and troubleshoot ingress issues